The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior. This issue has been patched in version 4.2.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Openeclass
  • Openeclass

No data.

No data.

References
Link Providers
https://github.com/gunet/openeclass/security/advisories/GHSA-c3wq-m629-5h2j cve-icon cve-icon
History

Wed, 04 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Openeclass
Openeclass openeclass
Vendors & Products Openeclass
Openeclass openeclass

Tue, 03 Feb 2026 17:30:00 +0000

Type Values Removed Values Added
Description The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior. This issue has been patched in version 4.2.
Title Open eClass is Vulnerable to Username Enumeration via Login Response Discrepancies
Weaknesses CWE-204
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-02-03T16:56:07.167Z

Updated: 2026-02-03T16:56:07.167Z

Reserved: 2026-01-23T20:40:23.386Z

Link: CVE-2026-24664

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-02-03T18:16:19.377

Modified: 2026-02-03T18:16:19.377

Link: CVE-2026-24664

cve-icon Redhat

No data.